You can view the history of all actions associated with a Finding from the Findings list or the Findings Investigation page.
NOTE: Once a Finding is dismissed, history will no longer be recorded, although it still can be viewed. If a new Finding is raised for the same indicator, a new history for the Finding will be created.
To view a Finding's history from the Findings list:
- Select the Finding whose history you want to view.
- Click the View History button.
  NOTE: If more than one Finding in the list is selected, the button will be disabled.
To view a Finding's history from the Findings Investigation page:
Click the View History button.
For each action associated with the Finding (listed from newest to oldest), the following information displays:
- Date
  NOTE: This field displays the signed-in user's local date and time.
- Action
- Source
- Actor
For a Tier Zero [object] indicator, the history will include:
- when the object was detected and whether the source was the provider (Security Guardian or BloodHound Enterprise) or Manually added.
- when the Finding was created by Security Guardian.
For a Hygiene, Detected TTP, or Detected Anomaly indicator, the history will include:
- when a Hygiene, Detected TTP, or Detected Anomaly object was detected and whether the source was Assessments or On Demand Audit.
- when the Finding was created by Security Guardian.
- when any objects within the Finding were muted/unmuted.
- for an unprotected Active Directory Tier Zero object Finding, when the object was protected (if applicable).